AI and California Privacy Law (CCPA/CPRA): What Businesses Must Know
Yes, but not with raw data: the CCPA/CPRA protects a Californian's Sensitive Personal Information. De-identify it before any AI prompt.
Here is the short answer. The CCPA lets you use AI, but not with a Californian's raw personal data. The California Consumer Privacy Act (CCPA), amended by the California Privacy Rights Act (CPRA), gives consumers strong rights. They can know, delete, correct, and opt out of the sale or sharing of their data. They can also limit how their Sensitive Personal Information is used. Pasting that data into a consumer AI is a processing activity. If the vendor reuses it, that can look like a sale or an unauthorised secondary use. The clean fix is simple. De-identify California identifiers before they enter any AI prompt.
What the CCPA and CPRA give California consumers
Let's keep the layers clear. The CCPA is the underlying statute. The CPRA is the 2020 ballot measure that amended it. The CPRA added new rights and a new category of data. It also created a dedicated regulator, the CPPA (California Privacy Protection Agency). Together they give California residents real control over their personal information.
The core rights are easy to list. Consumers can ask what a business collects about them. They can ask to delete it or correct it. They can opt out of the sale or sharing of their personal information. And they can limit the use of their Sensitive Personal Information.
Sensitive Personal Information, or SPI, is a defined category under the CPRA. It covers the identifiers most useful to fraudsters. Here is what falls inside it.
- Social Security, driver's licence and state ID numbers.
- Financial account details combined with access credentials.
- Precise geolocation.
- Racial or ethnic origin, religious beliefs, and union membership.
- Genetic and biometric data, and health information.
- The contents of mail, email and texts, when the business is not the intended recipient.
Pasting consumer data into AI is processing
Think about what happens when you paste. You copy a Californian's personal data into a consumer AI tool. Under the CCPA, that is a processing activity. It does not stop being personal data because a chatbot handles it.
The risk depends on the vendor's terms. Some AI vendors may reuse your inputs, for example to train their own models. That reuse can amount to a sale or sharing under the CCPA. It may also count as an unauthorised secondary use. Proper contracts are the mechanism that prevents this. Service-provider or contractor terms keep a vendor from counting as a buyer. You must also honour opt-outs and give the required notice at collection.
The CPPA and the new AI rules
California is not standing still. The CPPA (California Privacy Protection Agency) enforces the law alongside the California Attorney General. It also holds rulemaking power. In 2025 it finalised a new package of regulations.
The timeline matters, so here it is. The CPPA Board adopted the package on 24 July 2025. The Office of Administrative Law approved the rules. They were filed on 22 September 2025 and took effect on 1 January 2026. The package covers automated decision-making technology, risk assessments, and cybersecurity audits.
But the effective date is not the deadline to comply. The substantive deadlines are phased, and mostly future-dated. These rules also carry business-size and revenue thresholds. So they apply to certain qualifying businesses, not to everyone. The CPPA has set a schedule that begins as follows.
- 1Businesses using automated decision-making for significant decisions must comply from 1 January 2027.
- 2Risk-assessment duties start in 2026, with the first documentation due to the CPPA by 1 April 2028.
- 3Cybersecurity-audit certifications are staggered by revenue, the first due 1 April 2028 for the largest businesses.
One theme runs through the ADMT rules. When a business uses automated decision-making for significant decisions, it must tell affected consumers. It must also let them opt out and access information about that use.
De-identification takes data out of scope
Here is the practical lever. The CCPA does not apply to data that is properly de-identified or aggregated. Remove the link to a real person, and the definition of personal information no longer fits. That is why anonymising before the prompt is so useful. It reduces your risk and can move the data outside the law.
One word is load-bearing here: properly. De-identification is not a magic exemption. The law expects reasonable measures and a commitment not to re-identify. Done right, though, it is your strongest move. The AI reasons about a case it can never trace back to a named consumer.
| You assume | The reality |
|---|---|
| “An AI seeing an SSN is harmless” | SSNs are Sensitive Personal Information under the CPRA, with extra limits |
| “Pasting into a chatbot isn't processing” | Under the CCPA it is a processing activity like any other |
| “The vendor can't be a sale” | Reuse for training can amount to a sale or sharing without the right contract |
| “De-identified data still counts” | Properly de-identified data falls outside the CCPA's personal information |
So the method is straightforward. Keep general questions general. When you must include a real case, de-identify it first. Replace each California identifier with a token. The AI works on the structure, never the raw value. You restore the real values later, on your own machine.
That is exactly what ONYRI Sanitize does. The engine detects sensitive data — SSNs, driver's licence and account numbers, geolocation, health details. It swaps that data for reversible tokens before anything is sent. Detection and the mapping stay in your browser. Only de-identified text reaches the model. The AI sees tokens, never a real Californian's identifiers. You get the help, and you keep the data on the safe side of the CCPA.
Frequently asked questions
- What does California privacy law (CCPA/CPRA) require when you use AI with consumer data?
- It requires you to treat the data as protected. The CCPA, as amended by the CPRA, gives California consumers rights to know, delete, correct, and opt out of the sale or sharing of their data. It also lets them limit the use of Sensitive Personal Information. Pasting that data into a consumer AI is processing. You need proper contracts, must honour opt-outs, and must give notice at collection. De-identifying the data before the prompt reduces the risk and can take it out of scope.
- Is putting a Social Security number into ChatGPT a CCPA problem?
- It can be. A Social Security number is Sensitive Personal Information under the CPRA. Pasting it into a consumer AI is a processing activity. If the vendor reuses it, that may count as a sale, sharing or an unauthorised secondary use. The safe move is to replace it with a token before you send.
- Does de-identifying data really take it outside the CCPA?
- Yes, when it is done properly. The CCPA does not apply to data that is properly de-identified or aggregated. But 'properly' matters: the law expects reasonable measures and a commitment not to re-identify. Anonymising California identifiers before an AI prompt reduces risk and can move the data outside the statute's definition of personal information.
Sources & references
- California Consumer Privacy Act (CCPA): overview, consumer rights and Sensitive Personal Information — California Office of the Attorney General
- CPPA rulemaking: automated decision-making (ADMT), risk-assessment and cybersecurity-audit regulations — California Privacy Protection Agency (CPPA)
- California Privacy Protection Agency: the regulator created by the CPRA — California Privacy Protection Agency (CPPA)
Keep your sensitive data in your browser
ONYRI Sanitize detects and masks your sensitive data before it reaches the AI, then restores the answer — from names to API keys.
Anonymize my prompt